Lucene search
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBMIN_1_550.NASLHistoryMar 22, 2018 - 12:00 a.m.
Webmin <= 1.540 Cross Site Scripting
2018-03-2200:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
72.6%
According to its self-reported version, the Webmin install hosted on the remote host is 1.540 or lower. It is, therefore, affected by a cross site scripting vulnerability via a chfn command.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(108554);
script_version("1.4");
script_cvs_date("Date: 2019/11/08");
script_cve_id("CVE-2011-1937");
script_bugtraq_id(47558);
script_name(english:"Webmin <= 1.540 Cross Site Scripting");
script_summary(english:"Checks version of Webmin.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a cross site scripting
vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Webmin install hosted on
the remote host is 1.540 or lower. It is, therefore, affected by
a cross site scripting vulnerability via a chfn command.");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/47558");
script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Webmin 1.550 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/26");
script_set_attribute(attribute:"patch_publication_date", value:"2011/04/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("webmin.nasl");
script_require_keys("www/webmin", "Settings/ParanoidReport");
script_require_ports("Services/www", 10000);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
app = 'Webmin';
port = get_http_port(default:10000, embedded: TRUE);
get_kb_item_or_exit('www/'+port+'/webmin');
version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);
source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
dir = "/";
install_url = build_url(port:port, qs:dir);
fix = "1.550";
if (ver_compare(ver:version, fix:"1.540", strict:FALSE) <= 0)
{
report =
'\n URL : ' + install_url +
'\n Version Source : ' + source +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xss:TRUE);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
Related
openvas
openvas
Mandriva Update for webmin MDVSA-2011:109 (webmin)
2011-06-20 00:00:00
Mandriva Update for webmin MDVSA-2011:109 (webmin)
2011-06-20 00:00:00
Webmin Cross-Site Scripting Vulnerability-02 (Mar 2018) - Windows
2018-03-27 00:00:00
cve
cve
CVE-2011-1937
2011-05-31 20:55:05
cvelist
cvelist
CVE-2011-1937
2011-05-31 20:00:00
nvd
nvd
CVE-2011-1937
2011-05-31 20:55:05
prion
prion
Cross site scripting
2011-05-31 20:55:00
nessus
nessus
Mandriva Linux Security Advisory : webmin (MDVSA-2011:109)
2011-06-14 00:00:00
securityvulns
securityvulns
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
72.6%
Related for WEBMIN_1_550.NASL